{"api_version":"1","generated_at":"2026-04-23T04:34:33+00:00","cve":"CVE-2021-43049","urls":{"html":"https://cve.report/CVE-2021-43049","api":"https://cve.report/api/cve/CVE-2021-43049.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43049","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43049"},"summary":{"title":"CVE-2021-43049","description":"The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.","state":"PUBLIC","assigner":"security@tibco.com","published_at":"2022-02-15 18:15:00","updated_at":"2022-02-24 19:11:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.tibco.com/services/support/advisories","name":"https://www.tibco.com/services/support/advisories","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Advisory | TIBCO Software","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049","name":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"TIBCO Security Advisory: February 15, 2022 - TIBCO BusinessConnect Container Edition - 2021-43049 | TIBCO Software","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43049","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43049","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43049","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"businessconnect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"container","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@tibco.com","DATE_PUBLIC":"2022-02-15T17:00:00Z","ID":"CVE-2021-43049","STATE":"PUBLIC","TITLE":"TIBCO BusinessConnect Container Edition username and password leakage"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"TIBCO BusinessConnect Container Edition","version":{"version_data":[{"version_affected":"<=","version_value":"1.1.0"}]}}]},"vendor_name":"TIBCO Software Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."}]}]},"references":{"reference_data":[{"name":"https://www.tibco.com/services/support/advisories","refsource":"CONFIRM","url":"https://www.tibco.com/services/support/advisories"},{"refsource":"CONFIRM","name":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049","url":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"}]},"solution":[{"lang":"eng","value":"TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"}],"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-02-15 18:15:00","lastModifiedDate":"2022-02-24 19:11:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tibco:businessconnect:*:*:*:*:container:*:*:*","versionEndExcluding":"1.1.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43049","Ordinal":"219578","Title":"CVE-2021-43049","CVE":"CVE-2021-43049","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43049","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}